Computer systems are ubiquitous and becoming omnipresent. Computer systems, including relatively simple microprocessor-based systems, are found in all types of electronic systems and devices. One can easily find various types of personal computers, such as desktop systems and laptops, being used in company buildings, manufacturing facilities, and in homes. Additionally, one can readily find information technology (IT) computer systems comprising mass information servers, such as those that serve as the backbone of the Internet. Additionally, computers can readily be found in personal electronic devices used every day in our personal lives. Examples include portable electronic devices, such as hand-held computers, palm-type computers, portable music players, and portable global positioning systems.
While the actual number of different computer system architectures and arrangements is staggering, computer systems tend to have several basic components. Generally, computer systems contain one or more central processing units (CPUs) located on a motherboard, or system planar, which interacts with volatile and non-volatile memory (read only memory, or ROM, and random access memory, or RAM), a display monitor or screen, and a keyboard or other input device. These computer systems also operate one or more portable storage devices, such as floppy disk drives and thumb drives, and one or more mass storage devices, such as a fixed disk storage device or hard drive. This general concept of a computer system configuration describes a vast majority of business and individual desktop and personal computers, as well as various portable computers, such as notebook computers and palm-sized computers.
As noted above, one ore more CPUs interact with various system components, such as memory and I/O devices. CPUs generally communicate with these system devices by way of a data bus. While a CPU may interact directly with certain system devices, such as memory, using a data bus, they generally only interact with external devices, such as storage devices and keyboards, by way of an input-output (I/O) controllers attached to hardware data buses. Data storage devices, such as fixed and portable disks, are generally configured to operate on such hardware data buses. That is to say, a computer system may use hardware data buses to communicate with, and store data on, mass data storage devices.
There is a growing need for protecting information on these data storage devices, including hard drives. Every day people collect and store more and more information in mass storage devices of computer systems. A lot of these data is sensitive in nature. A business or professional person, such as an attorney or a medical doctor, may store information that must be kept confidential, such as privileged communications from clients or results of medical tests. Patents, trade secrets, and other types of proprietary information and intellectual property may also be stored on a hard drive or other mass data storage device. Individuals also store private information, unrelated to business or other productive activities, such as daily diary entries or letters to loved ones. In the wrong hands, such sensitive data may cause companies hardships, embarrass individuals, and even lead to identity theft. Additionally, if company proprietary or sensitive information ends up in the hands of unintended persons, a company may risk losing a competitive edge.
Sensitive information stored on hard drives and other similar data storage devices may fall into the hands of unauthorized people in a variety of ways. Data storage devices have become smaller and more easily moved from one system to the next, and many computer systems use standard data storage devices, such as Intelligent Drive Electronics® (IDE) hard drives, that are purposely engineered to be easily moved from one computer to the next. Consequently, hard drives are routinely extracted from computer systems and reinstalled in other computer systems. For an example of how this may create a problem, consider many small and large businesses. Many businesses lease computer systems and equipment. After the term of the lease expires, the businesses may relinquish the equipment back to the equipment owner. If the companies only password protect the computer systems and fail to erase the data before returning the computer equipment, the equipment owner may extract the hard drives and install them in systems where the password feature is disabled, enabling the owner almost immediate access to sensitive or proprietary data stored on the drives. Additionally, businesses and individuals frequently have their computer systems upgraded by computer repair facilities, replacing such items as memory and mass storage devices. If the business or individual does not take steps to erase sensitive data from a storage device before having the system upgraded, the computer repair facility may redeploy the storage device containing the information to the computer system of another customer. Obviously, the other customer would have access to the sensitive data stored on the device.
System security has become an important issue. Various hardware, software, or combination approaches with increased capability and/or versatility have been developed in the industry to meet the data security needs of computer users. However, protecting sensitive information stored on hard drives and other mass storage devices is not easy for individuals or businesses today, given the current state of technology. While there are various methods for protecting sensitive information, almost all of the methods require user interaction for true security. Additionally, even when most methods are properly implemented and used, they prevent unauthorized access only part of the time, such as when the equipment and information are in a controlled environment.
One basic method of protecting data in computer systems and on hard drives is by using a password. This basic security measure has numerous shortcomings. First, many users do not bother using passwords, primarily due to the inconvenience. Second, most password protection schemes store passwords in erasable memory on the motherboard. Skilled computer users can easily erase this memory and defeat this method. Third, many password methods are implemented at the basic input-output system (BIOS) level, executed only during the boot process, and are not integrated with the data storage devices. In other words, people can easily circumvent this security method by extracting the storage device from a computer system having the password BIOS routine enabled and installing the device in a computer system having the password BIOS routine disabled. Since the password routine is in the computer system and not the storage device, a person may view sensitive information stored on the device by simply installing it in another computer system that has no password feature. For the relatively small percentage of storage devices that do have a password feature implemented within the hard drive, such that the password feature would be available in any system the hard drive is installed, this configuration still has major drawbacks. Many users do not enable it, either because they are not aware of its availability or, more frequently, users disable it because they consider it cumbersome to enter a password every time the computer is started. Another frequent trouble encountered by drives that do have device password routines is that people still are often unable to use it because of lack of BIOS support on the motherboard. Lastly, some storage devices are “hot pluggable”, meaning they can be installed after the computer system is up and running, which generally bypasses many password checking routines.
Another method of protecting sensitive data stored on hard drives and other mass storage devices involves the technique of encryption. In other words, data and information are first scrambled before being saved in the storage device, such that they become unintelligible without a decryption key. Similar to the password method, this method also has its drawbacks. One major drawback is system performance. The process of encrypting data before storing them generally slows down system performance. System performance is usually degraded because of the extra steps of encrypting data before storage, and decrypting data upon retrieving them. In other words, the CPU and I/O systems generally must wait for the storage device to encrypt and store data before sending more information to the device. Likewise, the CPU and I/O systems must again wait for the storage device to decrypt or unscramble the data after a read request. Additionally, some operating systems and programs are simply incompatible with storage devices that use encryption methods.
Given the available techniques for protecting sensitive information stored on hard drives and other data storage devices, and the associated problems with the current techniques, computer users need automatic methods of protecting sensitive information against unauthorized or surreptitious viewing and usage. The methods need to protect the information from unauthorized access when sensing an environment change, such as the change corresponding to relocation of a hard disk drive from one system to another. The methods also need to be automated, not relying on human intervention.